The Chinese Communist Party used TikTok data to identify and track protesters in Hong Kong, says former ByteDance executive

Photo credit: Plann / CC from 4.0

Last week, a report indicated that TikTok has stored sensitive financial information of creators on servers in China — where government officials can unilaterally demand access to company records. Now, a former ByteDance executive says the Chinese Communist Party (CCP) previously accessed the TikTok data of Hong Kong protesters.

The more recent of the troubling claims surfaced in one Wall Street Journal Report focusing on the claims of a certain Yintao Yu. Yu, who currently resides in California, is said to have served as the technical lead for ByteDance’s US operations between August 2017 and November 2018, working for the Beijing-headquartered company in both the Chinese capital and Los Angeles.

In early May 2023, amid ongoing TikTok control and related government-level bans, Yu filed a wrongful termination lawsuit against ByteDance. According to the shocking complaint, the engineer was fired from the company after allegedly disclosing troubling behavior he observed at work — including allegedly ByteDance granting the CCP free access to users’ TikTok data in the US .

Notwithstanding the alleged existence of a backdoor through which the CCP can access data, TikTok has long denied sharing user information with Beijing. (An alleged misdirection in TikTok CEO Shou Zi Chew’s testimony before Congress in March forced Yu to pursue legal action, according to his attorney.) But the CCP owns a portion of ByteDance, which admitted in 2022 that its employees were illegitimate journalists had accessed the user data of two people.

In a new filing, Yu alleges that a committee of CCP members used TikTok to obtain the “network information, SIM card identifiers and IP addresses” of “Hong Kong civil rights activists and protesters” to determine their identities and locations , Per diary.

Logic, of course, suggests that the same committee (as well as other CCP members) would be in no hurry to relinquish the “superuser” credential that allegedly provided access to the data half a decade ago. (At least at this point, ByteDance also stored “everyone’s direct messages, search histories, and viewed content,” according to the report on the most recent filing related to Yu’s complaint.)

In any event, in a statement, a ByteDance spokesperson predictably denied the “baseless allegations” at hand, describing the former employee’s allegations as “clearly intended to attract media attention.”

As TikTok evades further government scrutiny — including possible sweeping bans in the US and elsewhere — in the coming months, it’s possible that exposing alleged shortcomings in protecting user privacy could have significant political ramifications. For now, however, the short-form app continues to host promotional events, expands into music and beyond (including the development of an AI chatbot), and emphasize the supposedly positive aspects of its reach and impact.